1 package org.apache.turbine.util;
22 import org.apache.ecs.Entities;
23
24 import org.apache.ecs.filter.CharacterFilter;
25
/**
 * Some filter methods that have been orphaned in the Screen class:
 * static helpers for escaping user-entered text before it is written
 * into an HTML page.
 *
 * @author <a href="mailto:mbryson@mont.mindspring.com">Dave Bryson</a>
 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 * @version $Id: InputFilterUtils.java 534527 2007-05-02 16:10:59Z tv $
 */
34
public abstract class InputFilterUtils
{
    /** Full filter: escapes {@code "}, {@code '}, {@code &}, {@code <} and {@code >}. */
    private static final CharacterFilter filter = htmlFilter();

    /** Minimal filter: escapes {@code <} only. */
    private static final CharacterFilter minFilter = htmlMinFilter();

    /**
     * Escapes user-entered text for output into an HTML page so that
     * markup such as a {@code <SCRIPT>} tag is rendered literally instead
     * of being interpreted by the browser. All five HTML-significant
     * characters ({@code " ' & < >}) are replaced with entity references,
     * which covers element content and quoted attribute values. This is
     * HTML escaping only; it does not make text safe inside a JavaScript
     * block, a URL or a CSS context.
     *
     * @param s the raw text to escape. {@code null} is passed straight to
     *          {@link CharacterFilter#process(String)} without a guard
     *          here, so its handling is whatever ECS does with it.
     * @return the escaped text
     */
    public static String prepareText(String s)
    {
        return filter.process(s);
    }

    /**
     * Escapes user-entered text with the minimal filter, which replaces
     * only {@code <}. Quotes and ampersands pass through untouched, so the
     * result is only safe as HTML element text content; it must not be
     * placed inside an attribute value, where an unescaped quote would end
     * the attribute. Use {@link #prepareText(String)} for that.
     *
     * @param s the raw text to escape; {@code null} handling is delegated
     *          to {@link CharacterFilter#process(String)}
     * @return the text with {@code <} escaped
     */
    public static String prepareTextMinimum(String s)
    {
        return minFilter.process(s);
    }

    /**
     * Builds the full HTML filter. Every mapping is registered explicitly
     * rather than relying on the ECS defaults, because at least in ECS 1.2
     * those defaults are not all present.
     *
     * @return a CharacterFilter that escapes the five HTML-significant
     *         characters
     */
    private static CharacterFilter htmlFilter()
    {
        // Character -> entity pairs, in the order they are registered.
        // NOTE(review): the apostrophe maps to Entities.LSQUO, presumably a
        // typographic left single quote entity, rather than a numeric
        // apostrophe reference. That still neutralises the quote for
        // attribute values, but round-tripping the text changes the
        // character. Kept as is to preserve existing output.
        String[][] mappings = {
            {"\"", Entities.QUOT},
            {"'", Entities.LSQUO},
            {"&", Entities.AMP},
            {"<", Entities.LT},
            {">", Entities.GT},
        };

        CharacterFilter escaper = new CharacterFilter();
        for (int i = 0; i < mappings.length; i++)
        {
            escaper.addAttribute(mappings[i][0], mappings[i][1]);
        }
        return escaper;
    }

    /**
     * Builds the minimal HTML filter: whatever ECS registers by default for
     * {@code > " ' &} is removed, and only {@code <} is escaped.
     *
     * @return a CharacterFilter that escapes {@code <} and nothing else
     */
    private static CharacterFilter htmlMinFilter()
    {
        String[] dropped = {">", "\"", "'", "&"};

        CharacterFilter escaper = new CharacterFilter();
        for (int i = 0; i < dropped.length; i++)
        {
            escaper.removeAttribute(dropped[i]);
        }
        escaper.addAttribute("<", Entities.LT);
        return escaper;
    }
}